8 matches found
CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...
EUVD-2025-38063
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...
CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...
CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...
CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...
CVE-2025-63588
CMSimpleXH is affected by an unauthenticated reflected cross-site scripting vulnerability in its query handling path. The issue arises from insufficient input handling (lack of proper filtering/escaping) of user-supplied data, enabling an attacker to inject and execute JavaScript in a victim’s br...
PT-2025-45331
Name of the Vulnerable Software and Affected Versions CMSimpleXH affected versions not specified Description An unauthenticated reflected cross-site scripting issue exists in the query handling process. This allows remote attackers to inject and execute arbitrary JavaScript in a victim’s browser...
CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...